projects / exim.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
blame | history | raw | HEAD
Taint: check on supplied buffer vs. list when extracting elements
[exim.git] / src / src / string.c
1 /*************************************************
2 * Exim - an Internet mail transport agent *
3 *************************************************/
4
5 /* Copyright (c) University of Cambridge 1995 - 2018 */
6 /* See the file NOTICE for conditions of use and distribution. */
7
8 /* Miscellaneous string-handling functions. Some are not required for
9 utilities and tests, and are cut out by the COMPILE_UTILITY macro. */
10
11
12 #include "exim.h"
13 #include <assert.h>
14
15
16 #ifndef COMPILE_UTILITY
17 /*************************************************
18 * Test for IP address *
19 *************************************************/
20
21 /* This used just to be a regular expression, but with IPv6 things are a bit
22 more complicated. If the address contains a colon, it is assumed to be a v6
23 address (assuming HAVE_IPV6 is set). If a mask is permitted and one is present,
24 and maskptr is not NULL, its offset is placed there.
25
26 Arguments:
27 s a string
28 maskptr NULL if no mask is permitted to follow
29 otherwise, points to an int where the offset of '/' is placed
30 if there is no / followed by trailing digits, *maskptr is set 0
31
32 Returns: 0 if the string is not a textual representation of an IP address
33 4 if it is an IPv4 address
34 6 if it is an IPv6 address
35 */
36
37 int
38 string_is_ip_address(const uschar *s, int *maskptr)
39 {
40 int yield = 4;
41
42 /* If an optional mask is permitted, check for it. If found, pass back the
43 offset. */
44
45 if (maskptr)
46 {
47 const uschar *ss = s + Ustrlen(s);
48 *maskptr = 0;
49 if (s != ss && isdigit(*(--ss)))
50 {
51 while (ss > s && isdigit(ss[-1])) ss--;
52 if (ss > s && *(--ss) == '/') *maskptr = ss - s;
53 }
54 }
55
56 /* A colon anywhere in the string => IPv6 address */
57
58 if (Ustrchr(s, ':') != NULL)
59 {
60 BOOL had_double_colon = FALSE;
61 BOOL v4end = FALSE;
62
63 yield = 6;
64
65 /* An IPv6 address must start with hex digit or double colon. A single
66 colon is invalid. */
67
68 if (*s == ':' && *(++s) != ':') return 0;
69
70 /* Now read up to 8 components consisting of up to 4 hex digits each. There
71 may be one and only one appearance of double colon, which implies any number
72 of binary zero bits. The number of preceding components is held in count. */
73
74 for (int count = 0; count < 8; count++)
75 {
76 /* If the end of the string is reached before reading 8 components, the
77 address is valid provided a double colon has been read. This also applies
78 if we hit the / that introduces a mask or the % that introduces the
79 interface specifier (scope id) of a link-local address. */
80
81 if (*s == 0 || *s == '%' || *s == '/') return had_double_colon ? yield : 0;
82
83 /* If a component starts with an additional colon, we have hit a double
84 colon. This is permitted to appear once only, and counts as at least
85 one component. The final component may be of this form. */
86
87 if (*s == ':')
88 {
89 if (had_double_colon) return 0;
90 had_double_colon = TRUE;
91 s++;
92 continue;
93 }
94
95 /* If the remainder of the string contains a dot but no colons, we
96 can expect a trailing IPv4 address. This is valid if either there has
97 been no double-colon and this is the 7th component (with the IPv4 address
98 being the 7th & 8th components), OR if there has been a double-colon
99 and fewer than 6 components. */
100
101 if (Ustrchr(s, ':') == NULL && Ustrchr(s, '.') != NULL)
102 {
103 if ((!had_double_colon && count != 6) ||
104 (had_double_colon && count > 6)) return 0;
105 v4end = TRUE;
106 yield = 6;
107 break;
108 }
109
110 /* Check for at least one and not more than 4 hex digits for this
111 component. */
112
113 if (!isxdigit(*s++)) return 0;
114 if (isxdigit(*s) && isxdigit(*(++s)) && isxdigit(*(++s))) s++;
115
116 /* If the component is terminated by colon and there is more to
117 follow, skip over the colon. If there is no more to follow the address is
118 invalid. */
119
120 if (*s == ':' && *(++s) == 0) return 0;
121 }
122
123 /* If about to handle a trailing IPv4 address, drop through. Otherwise
124 all is well if we are at the end of the string or at the mask or at a percent
125 sign, which introduces the interface specifier (scope id) of a link local
126 address. */
127
128 if (!v4end)
129 return (*s == 0 || *s == '%' ||
130 (*s == '/' && maskptr != NULL && *maskptr != 0))? yield : 0;
131 }
132
133 /* Test for IPv4 address, which may be the tail-end of an IPv6 address. */
134
135 for (int i = 0; i < 4; i++)
136 {
137 long n;
138 uschar * end;
139
140 if (i != 0 && *s++ != '.') return 0;
141 n = strtol(CCS s, CSS &end, 10);
142 if (n > 255 || n < 0 || end <= s || end > s+3) return 0;
143 s = end;
144 }
145
146 return !*s || (*s == '/' && maskptr && *maskptr != 0) ? yield : 0;
147 }
148 #endif /* COMPILE_UTILITY */
149
150
151 /*************************************************
152 * Format message size *
153 *************************************************/
154
155 /* Convert a message size in bytes to printing form, rounding
156 according to the magnitude of the number. A value of zero causes
157 a string of spaces to be returned.
158
159 Arguments:
160 size the message size in bytes
161 buffer where to put the answer
162
163 Returns: pointer to the buffer
164 a string of exactly 5 characters is normally returned
165 */
166
167 uschar *
168 string_format_size(int size, uschar *buffer)
169 {
170 if (size == 0) Ustrcpy(buffer, US" ");
171 else if (size < 1024) sprintf(CS buffer, "%5d", size);
172 else if (size < 10*1024)
173 sprintf(CS buffer, "%4.1fK", (double)size / 1024.0);
174 else if (size < 1024*1024)
175 sprintf(CS buffer, "%4dK", (size + 512)/1024);
176 else if (size < 10*1024*1024)
177 sprintf(CS buffer, "%4.1fM", (double)size / (1024.0 * 1024.0));
178 else
179 sprintf(CS buffer, "%4dM", (size + 512 * 1024)/(1024*1024));
180 return buffer;
181 }
182
183
184
185 #ifndef COMPILE_UTILITY
186 /*************************************************
187 * Convert a number to base 62 format *
188 *************************************************/
189
190 /* Convert a long integer into an ASCII base 62 string. For Cygwin the value of
191 BASE_62 is actually 36. Always return exactly 6 characters plus zero, in a
192 static area.
193
194 Argument: a long integer
195 Returns: pointer to base 62 string
196 */
197
198 uschar *
199 string_base62(unsigned long int value)
200 {
201 static uschar yield[7];
202 uschar *p = yield + sizeof(yield) - 1;
203 *p = 0;
204 while (p > yield)
205 {
206 *(--p) = base62_chars[value % BASE_62];
207 value /= BASE_62;
208 }
209 return yield;
210 }
211 #endif /* COMPILE_UTILITY */
212
213
214
215 /*************************************************
216 * Interpret escape sequence *
217 *************************************************/
218
219 /* This function is called from several places where escape sequences are to be
220 interpreted in strings.
221
222 Arguments:
223 pp points a pointer to the initiating "\" in the string;
224 the pointer gets updated to point to the final character
225 If the backslash is the last character in the string, it
226 is not interpreted.
227 Returns: the value of the character escape
228 */
229
230 int
231 string_interpret_escape(const uschar **pp)
232 {
233 #ifdef COMPILE_UTILITY
234 const uschar *hex_digits= CUS"0123456789abcdef";
235 #endif
236 int ch;
237 const uschar *p = *pp;
238 ch = *(++p);
239 if (ch == '\0') return **pp;
240 if (isdigit(ch) && ch != '8' && ch != '9')
241 {
242 ch -= '0';
243 if (isdigit(p[1]) && p[1] != '8' && p[1] != '9')
244 {
245 ch = ch * 8 + *(++p) - '0';
246 if (isdigit(p[1]) && p[1] != '8' && p[1] != '9')
247 ch = ch * 8 + *(++p) - '0';
248 }
249 }
250 else switch(ch)
251 {
252 case 'b': ch = '\b'; break;
253 case 'f': ch = '\f'; break;
254 case 'n': ch = '\n'; break;
255 case 'r': ch = '\r'; break;
256 case 't': ch = '\t'; break;
257 case 'v': ch = '\v'; break;
258 case 'x':
259 ch = 0;
260 if (isxdigit(p[1]))
261 {
262 ch = ch * 16 +
263 Ustrchr(hex_digits, tolower(*(++p))) - hex_digits;
264 if (isxdigit(p[1])) ch = ch * 16 +
265 Ustrchr(hex_digits, tolower(*(++p))) - hex_digits;
266 }
267 break;
268 }
269 *pp = p;
270 return ch;
271 }
272
273
274
275 #ifndef COMPILE_UTILITY
276 /*************************************************
277 * Ensure string is printable *
278 *************************************************/
279
280 /* This function is called for critical strings. It checks for any
281 non-printing characters, and if any are found, it makes a new copy
282 of the string with suitable escape sequences. It is most often called by the
283 macro string_printing(), which sets allow_tab TRUE.
284
285 Arguments:
286 s the input string
287 allow_tab TRUE to allow tab as a printing character
288
289 Returns: string with non-printers encoded as printing sequences
290 */
291
292 const uschar *
293 string_printing2(const uschar *s, BOOL allow_tab)
294 {
295 int nonprintcount = 0;
296 int length = 0;
297 const uschar *t = s;
298 uschar *ss, *tt;
299
300 while (*t != 0)
301 {
302 int c = *t++;
303 if (!mac_isprint(c) || (!allow_tab && c == '\t')) nonprintcount++;
304 length++;
305 }
306
307 if (nonprintcount == 0) return s;
308
309 /* Get a new block of store guaranteed big enough to hold the
310 expanded string. */
311
312 ss = store_get(length + nonprintcount * 3 + 1, is_tainted(s));
313
314 /* Copy everything, escaping non printers. */
315
316 t = s;
317 tt = ss;
318
319 while (*t != 0)
320 {
321 int c = *t;
322 if (mac_isprint(c) && (allow_tab || c != '\t')) *tt++ = *t++; else
323 {
324 *tt++ = '\\';
325 switch (*t)
326 {
327 case '\n': *tt++ = 'n'; break;
328 case '\r': *tt++ = 'r'; break;
329 case '\b': *tt++ = 'b'; break;
330 case '\v': *tt++ = 'v'; break;
331 case '\f': *tt++ = 'f'; break;
332 case '\t': *tt++ = 't'; break;
333 default: sprintf(CS tt, "%03o", *t); tt += 3; break;
334 }
335 t++;
336 }
337 }
338 *tt = 0;
339 return ss;
340 }
341 #endif /* COMPILE_UTILITY */
342
343 /*************************************************
344 * Undo printing escapes in string *
345 *************************************************/
346
347 /* This function is the reverse of string_printing2. It searches for
348 backslash characters and if any are found, it makes a new copy of the
349 string with escape sequences parsed. Otherwise it returns the original
350 string.
351
352 Arguments:
353 s the input string
354
355 Returns: string with printing escapes parsed back
356 */
357
358 uschar *
359 string_unprinting(uschar *s)
360 {
361 uschar *p, *q, *r, *ss;
362 int len, off;
363
364 p = Ustrchr(s, '\\');
365 if (!p) return s;
366
367 len = Ustrlen(s) + 1;
368 ss = store_get(len, is_tainted(s));
369
370 q = ss;
371 off = p - s;
372 if (off)
373 {
374 memcpy(q, s, off);
375 q += off;
376 }
377
378 while (*p)
379 {
380 if (*p == '\\')
381 {
382 *q++ = string_interpret_escape((const uschar **)&p);
383 p++;
384 }
385 else
386 {
387 r = Ustrchr(p, '\\');
388 if (!r)
389 {
390 off = Ustrlen(p);
391 memcpy(q, p, off);
392 p += off;
393 q += off;
394 break;
395 }
396 else
397 {
398 off = r - p;
399 memcpy(q, p, off);
400 q += off;
401 p = r;
402 }
403 }
404 }
405 *q = '\0';
406
407 return ss;
408 }
409
410
411
412
413 #if (defined(HAVE_LOCAL_SCAN) || defined(EXPAND_DLFUNC)) \
414 && !defined(MACRO_PREDEF) && !defined(COMPILE_UTILITY)
415 /*************************************************
416 * Copy and save string *
417 *************************************************/
418
419 /*
420 Argument: string to copy
421 Returns: copy of string in new store with the same taint status
422 */
423
424 uschar *
425 string_copy_function(const uschar *s)
426 {
427 return string_copy_taint(s, is_tainted(s));
428 }
429
430 /* This function assumes that memcpy() is faster than strcpy().
431 As above, but explicitly specifying the result taint status
432 */
433
434 uschar *
435 string_copy_taint_function(const uschar * s, BOOL tainted)
436 {
437 int len = Ustrlen(s) + 1;
438 uschar *ss = store_get(len, tainted);
439 memcpy(ss, s, len);
440 return ss;
441 }
442
443
444
445 /*************************************************
446 * Copy and save string, given length *
447 *************************************************/
448
449 /* It is assumed the data contains no zeros. A zero is added
450 onto the end.
451
452 Arguments:
453 s string to copy
454 n number of characters
455
456 Returns: copy of string in new store
457 */
458
459 uschar *
460 string_copyn_function(const uschar *s, int n)
461 {
462 uschar *ss = store_get(n + 1, is_tainted(s));
463 Ustrncpy(ss, s, n);
464 ss[n] = 0;
465 return ss;
466 }
467 #endif
468
469
470 /*************************************************
471 * Copy and save string in malloc'd store *
472 *************************************************/
473
474 /* This function assumes that memcpy() is faster than strcpy().
475
476 Argument: string to copy
477 Returns: copy of string in new store
478 */
479
480 uschar *
481 string_copy_malloc(const uschar *s)
482 {
483 int len = Ustrlen(s) + 1;
484 uschar *ss = store_malloc(len);
485 memcpy(ss, s, len);
486 return ss;
487 }
488
489
490
491 /*************************************************
492 * Copy string if long, inserting newlines *
493 *************************************************/
494
495 /* If the given string is longer than 75 characters, it is copied, and within
496 the copy, certain space characters are converted into newlines.
497
498 Argument: pointer to the string
499 Returns: pointer to the possibly altered string
500 */
501
502 uschar *
503 string_split_message(uschar *msg)
504 {
505 uschar *s, *ss;
506
507 if (msg == NULL || Ustrlen(msg) <= 75) return msg;
508 s = ss = msg = string_copy(msg);
509
510 for (;;)
511 {
512 int i = 0;
513 while (i < 75 && *ss != 0 && *ss != '\n') ss++, i++;
514 if (*ss == 0) break;
515 if (*ss == '\n')
516 s = ++ss;
517 else
518 {
519 uschar *t = ss + 1;
520 uschar *tt = NULL;
521 while (--t > s + 35)
522 {
523 if (*t == ' ')
524 {
525 if (t[-1] == ':') { tt = t; break; }
526 if (tt == NULL) tt = t;
527 }
528 }
529
530 if (tt == NULL) /* Can't split behind - try ahead */
531 {
532 t = ss + 1;
533 while (*t != 0)
534 {
535 if (*t == ' ' || *t == '\n')
536 { tt = t; break; }
537 t++;
538 }
539 }
540
541 if (tt == NULL) break; /* Can't find anywhere to split */
542 *tt = '\n';
543 s = ss = tt+1;
544 }
545 }
546
547 return msg;
548 }
549
550
551
552 /*************************************************
553 * Copy returned DNS domain name, de-escaping *
554 *************************************************/
555
556 /* If a domain name contains top-bit characters, some resolvers return
557 the fully qualified name with those characters turned into escapes. The
558 convention is a backslash followed by _decimal_ digits. We convert these
559 back into the original binary values. This will be relevant when
560 allow_utf8_domains is set true and UTF-8 characters are used in domain
561 names. Backslash can also be used to escape other characters, though we
562 shouldn't come across them in domain names.
563
564 Argument: the domain name string
565 Returns: copy of string in new store, de-escaped
566 */
567
568 uschar *
569 string_copy_dnsdomain(uschar *s)
570 {
571 uschar *yield;
572 uschar *ss = yield = store_get(Ustrlen(s) + 1, is_tainted(s));
573
574 while (*s != 0)
575 {
576 if (*s != '\\')
577 {
578 *ss++ = *s++;
579 }
580 else if (isdigit(s[1]))
581 {
582 *ss++ = (s[1] - '0')*100 + (s[2] - '0')*10 + s[3] - '0';
583 s += 4;
584 }
585 else if (*(++s) != 0)
586 {
587 *ss++ = *s++;
588 }
589 }
590
591 *ss = 0;
592 return yield;
593 }
594
595
596 #ifndef COMPILE_UTILITY
597 /*************************************************
598 * Copy space-terminated or quoted string *
599 *************************************************/
600
601 /* This function copies from a string until its end, or until whitespace is
602 encountered, unless the string begins with a double quote, in which case the
603 terminating quote is sought, and escaping within the string is done. The length
604 of a de-quoted string can be no longer than the original, since escaping always
605 turns n characters into 1 character.
606
607 Argument: pointer to the pointer to the first character, which gets updated
608 Returns: the new string
609 */
610
611 uschar *
612 string_dequote(const uschar **sptr)
613 {
614 const uschar *s = *sptr;
615 uschar *t, *yield;
616
617 /* First find the end of the string */
618
619 if (*s != '\"')
620 while (*s != 0 && !isspace(*s)) s++;
621 else
622 {
623 s++;
624 while (*s && *s != '\"')
625 {
626 if (*s == '\\') (void)string_interpret_escape(&s);
627 s++;
628 }
629 if (*s) s++;
630 }
631
632 /* Get enough store to copy into */
633
634 t = yield = store_get(s - *sptr + 1, is_tainted(*sptr));
635 s = *sptr;
636
637 /* Do the copy */
638
639 if (*s != '\"')
640 while (*s != 0 && !isspace(*s)) *t++ = *s++;
641 else
642 {
643 s++;
644 while (*s != 0 && *s != '\"')
645 {
646 *t++ = *s == '\\' ? string_interpret_escape(&s) : *s;
647 s++;
648 }
649 if (*s) s++;
650 }
651
652 /* Update the pointer and return the terminated copy */
653
654 *sptr = s;
655 *t = 0;
656 return yield;
657 }
658 #endif /* COMPILE_UTILITY */
659
660
661
662 /*************************************************
663 * Format a string and save it *
664 *************************************************/
665
666 /* The formatting is done by string_vformat, which checks the length of
667 everything. Taint is taken from the worst of the arguments.
668
669 Arguments:
670 format a printf() format - deliberately char * rather than uschar *
671 because it will most usually be a literal string
672 ... arguments for format
673
674 Returns: pointer to fresh piece of store containing sprintf'ed string
675 */
676
677 uschar *
678 string_sprintf_trc(const char *format, const uschar * func, unsigned line, ...)
679 {
680 #ifdef COMPILE_UTILITY
681 uschar buffer[STRING_SPRINTF_BUFFER_SIZE];
682 gstring gs = { .size = STRING_SPRINTF_BUFFER_SIZE, .ptr = 0, .s = buffer };
683 gstring * g = &gs;
684 unsigned flags = 0;
685 #else
686 gstring * g = NULL;
687 unsigned flags = SVFMT_REBUFFER|SVFMT_EXTEND;
688 #endif
689
690 va_list ap;
691 va_start(ap, line);
692 g = string_vformat_trc(g, func, line, STRING_SPRINTF_BUFFER_SIZE,
693 flags, format, ap);
694 va_end(ap);
695
696 if (!g)
697 log_write(0, LOG_MAIN|LOG_PANIC_DIE,
698 "string_sprintf expansion was longer than %d; format string was (%s)\n"
699 " called from %s %d\n",
700 STRING_SPRINTF_BUFFER_SIZE, format, func, line);
701
702 #ifdef COMPILE_UTILITY
703 return string_copyn(g->s, g->ptr);
704 #else
705 gstring_release_unused(g);
706 return string_from_gstring(g);
707 #endif
708 }
709
710
711
712 /*************************************************
713 * Case-independent strncmp() function *
714 *************************************************/
715
716 /*
717 Arguments:
718 s first string
719 t second string
720 n number of characters to compare
721
722 Returns: < 0, = 0, or > 0, according to the comparison
723 */
724
725 int
726 strncmpic(const uschar *s, const uschar *t, int n)
727 {
728 while (n--)
729 {
730 int c = tolower(*s++) - tolower(*t++);
731 if (c) return c;
732 }
733 return 0;
734 }
735
736
737 /*************************************************
738 * Case-independent strcmp() function *
739 *************************************************/
740
741 /*
742 Arguments:
743 s first string
744 t second string
745
746 Returns: < 0, = 0, or > 0, according to the comparison
747 */
748
749 int
750 strcmpic(const uschar *s, const uschar *t)
751 {
752 while (*s != 0)
753 {
754 int c = tolower(*s++) - tolower(*t++);
755 if (c != 0) return c;
756 }
757 return *t;
758 }
759
760
761 /*************************************************
762 * Case-independent strstr() function *
763 *************************************************/
764
765 /* The third argument specifies whether whitespace is required
766 to follow the matched string.
767
768 Arguments:
769 s string to search
770 t substring to search for
771 space_follows if TRUE, match only if whitespace follows
772
773 Returns: pointer to substring in string, or NULL if not found
774 */
775
776 uschar *
777 strstric(uschar *s, uschar *t, BOOL space_follows)
778 {
779 uschar *p = t;
780 uschar *yield = NULL;
781 int cl = tolower(*p);
782 int cu = toupper(*p);
783
784 while (*s)
785 {
786 if (*s == cl || *s == cu)
787 {
788 if (yield == NULL) yield = s;
789 if (*(++p) == 0)
790 {
791 if (!space_follows || s[1] == ' ' || s[1] == '\n' ) return yield;
792 yield = NULL;
793 p = t;
794 }
795 cl = tolower(*p);
796 cu = toupper(*p);
797 s++;
798 }
799 else if (yield != NULL)
800 {
801 yield = NULL;
802 p = t;
803 cl = tolower(*p);
804 cu = toupper(*p);
805 }
806 else s++;
807 }
808 return NULL;
809 }
810
811
812
813 #ifdef COMPILE_UTILITY
814 /* Dummy version for this function; it should never be called */
815 static void
816 gstring_grow(gstring * g, int count)
817 {
818 assert(FALSE);
819 }
820 #endif
821
822
823
824 #ifndef COMPILE_UTILITY
825 /*************************************************
826 * Get next string from separated list *
827 *************************************************/
828
829 /* Leading and trailing space is removed from each item. The separator in the
830 list is controlled by the int pointed to by the separator argument as follows:
831
832 If the value is > 0 it is used as the separator. This is typically used for
833 sublists such as slash-separated options. The value is always a printing
834 character.
835
836 (If the value is actually > UCHAR_MAX there is only one item in the list.
837 This is used for some cases when called via functions that sometimes
838 plough through lists, and sometimes are given single items.)
839
840 If the value is <= 0, the string is inspected for a leading <x, where x is an
841 ispunct() or an iscntrl() character. If found, x is used as the separator. If
842 not found:
843
844 (a) if separator == 0, ':' is used
845 (b) if separator <0, -separator is used
846
847 In all cases the value of the separator that is used is written back to the
848 int so that it is used on subsequent calls as we progress through the list.
849
850 A literal ispunct() separator can be represented in an item by doubling, but
851 there is no way to include an iscntrl() separator as part of the data.
852
853 Arguments:
854 listptr points to a pointer to the current start of the list; the
855 pointer gets updated to point after the end of the next item
856 separator a pointer to the separator character in an int (see above)
857 buffer where to put a copy of the next string in the list; or
858 NULL if the next string is returned in new memory
859 buflen when buffer is not NULL, the size of buffer; otherwise ignored
860
861 Returns: pointer to buffer, containing the next substring,
862 or NULL if no more substrings
863 */
864
865 uschar *
866 string_nextinlist_trc(const uschar **listptr, int *separator, uschar *buffer, int buflen,
867 const uschar * func, int line)
868 {
869 int sep = *separator;
870 const uschar *s = *listptr;
871 BOOL sep_is_special;
872
873 if (!s) return NULL;
874
875 /* This allows for a fixed specified separator to be an iscntrl() character,
876 but at the time of implementation, this is never the case. However, it's best
877 to be conservative. */
878
879 while (isspace(*s) && *s != sep) s++;
880
881 /* A change of separator is permitted, so look for a leading '<' followed by an
882 allowed character. */
883
884 if (sep <= 0)
885 {
886 if (*s == '<' && (ispunct(s[1]) || iscntrl(s[1])))
887 {
888 sep = s[1];
889 if (*++s) ++s;
890 while (isspace(*s) && *s != sep) s++;
891 }
892 else
893 sep = sep ? -sep : ':';
894 *separator = sep;
895 }
896
897 /* An empty string has no list elements */
898
899 if (!*s) return NULL;
900
901 /* Note whether whether or not the separator is an iscntrl() character. */
902
903 sep_is_special = iscntrl(sep);
904
905 /* Handle the case when a buffer is provided. */
906
907 if (buffer)
908 {
909 int p = 0;
910 if (is_tainted(s) && !is_tainted(buffer))
911 die_tainted(US"string_nextinlist", func, line);
912 for (; *s; s++)
913 {
914 if (*s == sep && (*(++s) != sep || sep_is_special)) break;
915 if (p < buflen - 1) buffer[p++] = *s;
916 }
917 while (p > 0 && isspace(buffer[p-1])) p--;
918 buffer[p] = '\0';
919 }
920
921 /* Handle the case when a buffer is not provided. */
922
923 else
924 {
925 gstring * g = NULL;
926
927 /* We know that *s != 0 at this point. However, it might be pointing to a
928 separator, which could indicate an empty string, or (if an ispunct()
929 character) could be doubled to indicate a separator character as data at the
930 start of a string. Avoid getting working memory for an empty item. */
931
932 if (*s == sep)
933 {
934 s++;
935 if (*s != sep || sep_is_special)
936 {
937 *listptr = s;
938 return string_copy(US"");
939 }
940 }
941
942 /* Not an empty string; the first character is guaranteed to be a data
943 character. */
944
945 for (;;)
946 {
947 const uschar * ss;
948 for (ss = s + 1; *ss && *ss != sep; ) ss++;
949 g = string_catn(g, s, ss-s);
950 s = ss;
951 if (!*s || *++s != sep || sep_is_special) break;
952 }
953 while (g->ptr > 0 && isspace(g->s[g->ptr-1])) g->ptr--;
954 buffer = string_from_gstring(g);
955 gstring_release_unused(g);
956 }
957
958 /* Update the current pointer and return the new string */
959
960 *listptr = s;
961 return buffer;
962 }
963
964
965 static const uschar *
966 Ustrnchr(const uschar * s, int c, unsigned * len)
967 {
968 unsigned siz = *len;
969 while (siz)
970 {
971 if (!*s) return NULL;
972 if (*s == c)
973 {
974 *len = siz;
975 return s;
976 }
977 s++;
978 siz--;
979 }
980 return NULL;
981 }
982
983
984 /************************************************
985 * Add element to separated list *
986 ************************************************/
987 /* This function is used to build a list, returning an allocated null-terminated
988 growable string. The given element has any embedded separator characters
989 doubled.
990
991 Despite having the same growable-string interface as string_cat() the list is
992 always returned null-terminated.
993
994 Arguments:
995 list expanding-string for the list that is being built, or NULL
996 if this is a new list that has no contents yet
997 sep list separator character
998 ele new element to be appended to the list
999
1000 Returns: pointer to the start of the list, changed if copied for expansion.
1001 */
1002
1003 gstring *
1004 string_append_listele(gstring * list, uschar sep, const uschar * ele)
1005 {
1006 uschar * sp;
1007
1008 if (list && list->ptr)
1009 list = string_catn(list, &sep, 1);
1010
1011 while((sp = Ustrchr(ele, sep)))
1012 {
1013 list = string_catn(list, ele, sp-ele+1);
1014 list = string_catn(list, &sep, 1);
1015 ele = sp+1;
1016 }
1017 list = string_cat(list, ele);
1018 (void) string_from_gstring(list);
1019 return list;
1020 }
1021
1022
1023 gstring *
1024 string_append_listele_n(gstring * list, uschar sep, const uschar * ele,
1025 unsigned len)
1026 {
1027 const uschar * sp;
1028
1029 if (list && list->ptr)
1030 list = string_catn(list, &sep, 1);
1031
1032 while((sp = Ustrnchr(ele, sep, &len)))
1033 {
1034 list = string_catn(list, ele, sp-ele+1);
1035 list = string_catn(list, &sep, 1);
1036 ele = sp+1;
1037 len--;
1038 }
1039 list = string_catn(list, ele, len);
1040 (void) string_from_gstring(list);
1041 return list;
1042 }
1043
1044
1045
1046 /* A slightly-bogus listmaker utility; the separator is a string so
1047 can be multiple chars - there is no checking for the element content
1048 containing any of the separator. */
1049
1050 gstring *
1051 string_append2_listele_n(gstring * list, const uschar * sepstr,
1052 const uschar * ele, unsigned len)
1053 {
1054 if (list && list->ptr)
1055 list = string_cat(list, sepstr);
1056
1057 list = string_catn(list, ele, len);
1058 (void) string_from_gstring(list);
1059 return list;
1060 }
1061
1062
1063
1064 /************************************************/
1065 /* Add more space to a growable-string. The caller should check
1066 first if growth is required. The gstring struct is modified on
1067 return; specifically, the string-base-pointer may have been changed.
1068
1069 Arguments:
1070 g the growable-string
1071 count amount needed for g->ptr to increase by
1072 */
1073
1074 static void
1075 gstring_grow(gstring * g, int count)
1076 {
1077 int p = g->ptr;
1078 int oldsize = g->size;
1079 BOOL tainted = is_tainted(g->s);
1080
1081 /* Mostly, string_cat() is used to build small strings of a few hundred
1082 characters at most. There are times, however, when the strings are very much
1083 longer (for example, a lookup that returns a vast number of alias addresses).
1084 To try to keep things reasonable, we use increments whose size depends on the
1085 existing length of the string. */
1086
1087 unsigned inc = oldsize < 4096 ? 127 : 1023;
1088
1089 if (count <= 0) return;
1090 g->size = (p + count + inc + 1) & ~inc; /* one for a NUL */
1091
1092 /* Try to extend an existing allocation. If the result of calling
1093 store_extend() is false, either there isn't room in the current memory block,
1094 or this string is not the top item on the dynamic store stack. We then have
1095 to get a new chunk of store and copy the old string. When building large
1096 strings, it is helpful to call store_release() on the old string, to release
1097 memory blocks that have become empty. (The block will be freed if the string
1098 is at its start.) However, we can do this only if we know that the old string
1099 was the last item on the dynamic memory stack. This is the case if it matches
1100 store_last_get. */
1101
1102 if (!store_extend(g->s, tainted, oldsize, g->size))
1103 g->s = store_newblock(g->s, tainted, g->size, p);
1104 }
1105
1106
1107
1108 /*************************************************
1109 * Add chars to string *
1110 *************************************************/
1111 /* This function is used when building up strings of unknown length. Room is
1112 always left for a terminating zero to be added to the string that is being
1113 built. This function does not require the string that is being added to be NUL
1114 terminated, because the number of characters to add is given explicitly. It is
1115 sometimes called to extract parts of other strings.
1116
1117 Arguments:
1118 string points to the start of the string that is being built, or NULL
1119 if this is a new string that has no contents yet
1120 s points to characters to add
1121 count count of characters to add; must not exceed the length of s, if s
1122 is a C string.
1123
1124 Returns: pointer to the start of the string, changed if copied for expansion.
1125 Note that a NUL is not added, though space is left for one. This is
1126 because string_cat() is often called multiple times to build up a
1127 string - there's no point adding the NUL till the end.
1128
1129 */
1130 /* coverity[+alloc] */
1131
1132 gstring *
1133 string_catn(gstring * g, const uschar *s, int count)
1134 {
1135 int p;
1136 BOOL srctaint = is_tainted(s);
1137
1138 if (!g)
1139 {
1140 unsigned inc = count < 4096 ? 127 : 1023;
1141 unsigned size = ((count + inc) & ~inc) + 1;
1142 g = string_get_tainted(size, srctaint);
1143 }
1144 else if (srctaint && !is_tainted(g->s))
1145 gstring_rebuffer(g);
1146
1147 p = g->ptr;
1148 if (p + count >= g->size)
1149 gstring_grow(g, count);
1150
1151 /* Because we always specify the exact number of characters to copy, we can
1152 use memcpy(), which is likely to be more efficient than strncopy() because the
1153 latter has to check for zero bytes. */
1154
1155 memcpy(g->s + p, s, count);
1156 g->ptr = p + count;
1157 return g;
1158 }
1159
1160
1161 gstring *
1162 string_cat(gstring *string, const uschar *s)
1163 {
1164 return string_catn(string, s, Ustrlen(s));
1165 }
1166
1167
1168
1169 /*************************************************
1170 * Append strings to another string *
1171 *************************************************/
1172
1173 /* This function can be used to build a string from many other strings.
1174 It calls string_cat() to do the dirty work.
1175
1176 Arguments:
1177 string expanding-string that is being built, or NULL
1178 if this is a new string that has no contents yet
1179 count the number of strings to append
1180 ... "count" uschar* arguments, which must be valid zero-terminated
1181 C strings
1182
1183 Returns: pointer to the start of the string, changed if copied for expansion.
1184 The string is not zero-terminated - see string_cat() above.
1185 */
1186
1187 __inline__ gstring *
1188 string_append(gstring *string, int count, ...)
1189 {
1190 va_list ap;
1191
1192 va_start(ap, count);
1193 while (count-- > 0)
1194 {
1195 uschar *t = va_arg(ap, uschar *);
1196 string = string_cat(string, t);
1197 }
1198 va_end(ap);
1199
1200 return string;
1201 }
1202 #endif
1203
1204
1205
1206 /*************************************************
1207 * Format a string with length checks *
1208 *************************************************/
1209
1210 /* This function is used to format a string with checking of the length of the
1211 output for all conversions. It protects Exim from absent-mindedness when
1212 calling functions like debug_printf and string_sprintf, and elsewhere. There
1213 are two different entry points to what is actually the same function, depending
1214 on whether the variable length list of data arguments are given explicitly or
1215 as a va_list item.
1216
1217 The formats are the usual printf() ones, with some omissions (never used) and
1218 three additions for strings: %S forces lower case, %T forces upper case, and
1219 %#s or %#S prints nothing for a NULL string. Without the # "NULL" is printed
1220 (useful in debugging). There is also the addition of %D and %M, which insert
1221 the date in the form used for datestamped log files.
1222
1223 Arguments:
1224 buffer a buffer in which to put the formatted string
1225 buflen the length of the buffer
1226 format the format string - deliberately char * and not uschar *
1227 ... or ap variable list of supplementary arguments
1228
1229 Returns: TRUE if the result fitted in the buffer
1230 */
1231
1232 BOOL
1233 string_format_trc(uschar * buffer, int buflen,
1234 const uschar * func, unsigned line, const char * format, ...)
1235 {
1236 gstring g = { .size = buflen, .ptr = 0, .s = buffer }, *gp;
1237 va_list ap;
1238 va_start(ap, format);
1239 gp = string_vformat_trc(&g, func, line, STRING_SPRINTF_BUFFER_SIZE,
1240 0, format, ap);
1241 va_end(ap);
1242 g.s[g.ptr] = '\0';
1243 return !!gp;
1244 }
1245
1246
1247
1248
1249 /* Build or append to a growing-string, sprintf-style.
1250
1251 Arguments:
1252 g a growable-string
1253 func called-from function name, for debug
1254 line called-from file line number, for debug
1255 limit maximum string size
1256 flags see below
1257 format printf-like format string
1258 ap variable-args pointer
1259
1260 Flags:
1261 SVFMT_EXTEND buffer can be created or exteded as needed
1262 SVFMT_REBUFFER buffer can be recopied to tainted mem as needed
1263 SVFMT_TAINT_NOCHK do not check inputs for taint
1264
1265 If the "extend" flag is true, the string passed in can be NULL,
1266 empty, or non-empty. Growing is subject to an overall limit given
1267 by the limit argument.
1268
1269 If the "extend" flag is false, the string passed in may not be NULL,
1270 will not be grown, and is usable in the original place after return.
1271 The return value can be NULL to signify overflow.
1272
1273 Returns the possibly-new (if copy for growth or taint-handling was needed)
1274 string, not nul-terminated.
1275 */
1276
1277 gstring *
1278 string_vformat_trc(gstring * g, const uschar * func, unsigned line,
1279 unsigned size_limit, unsigned flags, const char *format, va_list ap)
1280 {
1281 enum ltypes { L_NORMAL=1, L_SHORT=2, L_LONG=3, L_LONGLONG=4, L_LONGDOUBLE=5, L_SIZE=6 };
1282
1283 int width, precision, off, lim, need;
1284 const char * fp = format; /* Deliberately not unsigned */
1285 BOOL dest_tainted = FALSE;
1286
1287 string_datestamp_offset = -1; /* Datestamp not inserted */
1288 string_datestamp_length = 0; /* Datestamp not inserted */
1289 string_datestamp_type = 0; /* Datestamp not inserted */
1290
1291 #ifdef COMPILE_UTILITY
1292 assert(!(flags & SVFMT_EXTEND));
1293 assert(g);
1294 #else
1295
1296 /* Ensure we have a string, to save on checking later */
1297 if (!g) g = string_get(16);
1298 else if (!(flags & SVFMT_TAINT_NOCHK)) dest_tainted = is_tainted(g->s);
1299
1300 if (!(flags & SVFMT_TAINT_NOCHK) && !dest_tainted && is_tainted(format))
1301 {
1302 #ifndef MACRO_PREDEF
1303 if (!(flags & SVFMT_REBUFFER))
1304 die_tainted(US"string_vformat", func, line);
1305 #endif
1306 gstring_rebuffer(g);
1307 dest_tainted = TRUE;
1308 }
1309 #endif /*!COMPILE_UTILITY*/
1310
1311 lim = g->size - 1; /* leave one for a nul */
1312 off = g->ptr; /* remember initial offset in gstring */
1313
1314 /* Scan the format and handle the insertions */
1315
1316 while (*fp)
1317 {
1318 int length = L_NORMAL;
1319 int *nptr;
1320 int slen;
1321 const char *null = "NULL"; /* ) These variables */
1322 const char *item_start, *s; /* ) are deliberately */
1323 char newformat[16]; /* ) not unsigned */
1324 char * gp = CS g->s + g->ptr; /* ) */
1325
1326 /* Non-% characters just get copied verbatim */
1327
1328 if (*fp != '%')
1329 {
1330 /* Avoid string_copyn() due to COMPILE_UTILITY */
1331 if ((need = g->ptr + 1) > lim)
1332 {
1333 if (!(flags & SVFMT_EXTEND) || need > size_limit) return NULL;
1334 gstring_grow(g, 1);
1335 lim = g->size - 1;
1336 }
1337 g->s[g->ptr++] = (uschar) *fp++;
1338 continue;
1339 }
1340
1341 /* Deal with % characters. Pick off the width and precision, for checking
1342 strings, skipping over the flag and modifier characters. */
1343
1344 item_start = fp;
1345 width = precision = -1;
1346
1347 if (strchr("-+ #0", *(++fp)) != NULL)
1348 {
1349 if (*fp == '#') null = "";
1350 fp++;
1351 }
1352
1353 if (isdigit((uschar)*fp))
1354 {
1355 width = *fp++ - '0';
1356 while (isdigit((uschar)*fp)) width = width * 10 + *fp++ - '0';
1357 }
1358 else if (*fp == '*')
1359 {
1360 width = va_arg(ap, int);
1361 fp++;
1362 }
1363
1364 if (*fp == '.')
1365 if (*(++fp) == '*')
1366 {
1367 precision = va_arg(ap, int);
1368 fp++;
1369 }
1370 else
1371 for (precision = 0; isdigit((uschar)*fp); fp++)
1372 precision = precision*10 + *fp - '0';
1373
1374 /* Skip over 'h', 'L', 'l', 'll' and 'z', remembering the item length */
1375
1376 if (*fp == 'h')
1377 { fp++; length = L_SHORT; }
1378 else if (*fp == 'L')
1379 { fp++; length = L_LONGDOUBLE; }
1380 else if (*fp == 'l')
1381 if (fp[1] == 'l')
1382 { fp += 2; length = L_LONGLONG; }
1383 else
1384 { fp++; length = L_LONG; }
1385 else if (*fp == 'z')
1386 { fp++; length = L_SIZE; }
1387
1388 /* Handle each specific format type. */
1389
1390 switch (*fp++)
1391 {
1392 case 'n':
1393 nptr = va_arg(ap, int *);
1394 *nptr = g->ptr - off;
1395 break;
1396
1397 case 'd':
1398 case 'o':
1399 case 'u':
1400 case 'x':
1401 case 'X':
1402 width = length > L_LONG ? 24 : 12;
1403 if ((need = g->ptr + width) > lim)
1404 {
1405 if (!(flags & SVFMT_EXTEND) || need >= size_limit) return NULL;
1406 gstring_grow(g, width);
1407 lim = g->size - 1;
1408 gp = CS g->s + g->ptr;
1409 }
1410 strncpy(newformat, item_start, fp - item_start);
1411 newformat[fp - item_start] = 0;
1412
1413 /* Short int is promoted to int when passing through ..., so we must use
1414 int for va_arg(). */
1415
1416 switch(length)
1417 {
1418 case L_SHORT:
1419 case L_NORMAL:
1420 g->ptr += sprintf(gp, newformat, va_arg(ap, int)); break;
1421 case L_LONG:
1422 g->ptr += sprintf(gp, newformat, va_arg(ap, long int)); break;
1423 case L_LONGLONG:
1424 g->ptr += sprintf(gp, newformat, va_arg(ap, LONGLONG_T)); break;
1425 case L_SIZE:
1426 g->ptr += sprintf(gp, newformat, va_arg(ap, size_t)); break;
1427 }
1428 break;
1429
1430 case 'p':
1431 {
1432 void * ptr;
1433 if ((need = g->ptr + 24) > lim)
1434 {
1435 if (!(flags & SVFMT_EXTEND || need >= size_limit)) return NULL;
1436 gstring_grow(g, 24);
1437 lim = g->size - 1;
1438 gp = CS g->s + g->ptr;
1439 }
1440 /* sprintf() saying "(nil)" for a null pointer seems unreliable.
1441 Handle it explicitly. */
1442 if ((ptr = va_arg(ap, void *)))
1443 {
1444 strncpy(newformat, item_start, fp - item_start);
1445 newformat[fp - item_start] = 0;
1446 g->ptr += sprintf(gp, newformat, ptr);
1447 }
1448 else
1449 g->ptr += sprintf(gp, "(nil)");
1450 }
1451 break;
1452
1453 /* %f format is inherently insecure if the numbers that it may be
1454 handed are unknown (e.g. 1e300). However, in Exim, %f is used for
1455 printing load averages, and these are actually stored as integers
1456 (load average * 1000) so the size of the numbers is constrained.
1457 It is also used for formatting sending rates, where the simplicity
1458 of the format prevents overflow. */
1459
1460 case 'f':
1461 case 'e':
1462 case 'E':
1463 case 'g':
1464 case 'G':
1465 if (precision < 0) precision = 6;
1466 if ((need = g->ptr + precision + 8) > lim)
1467 {
1468 if (!(flags & SVFMT_EXTEND || need >= size_limit)) return NULL;
1469 gstring_grow(g, precision+8);
1470 lim = g->size - 1;
1471 gp = CS g->s + g->ptr;
1472 }
1473 strncpy(newformat, item_start, fp - item_start);
1474 newformat[fp-item_start] = 0;
1475 if (length == L_LONGDOUBLE)
1476 g->ptr += sprintf(gp, newformat, va_arg(ap, long double));
1477 else
1478 g->ptr += sprintf(gp, newformat, va_arg(ap, double));
1479 break;
1480
1481 /* String types */
1482
1483 case '%':
1484 if ((need = g->ptr + 1) > lim)
1485 {
1486 if (!(flags & SVFMT_EXTEND || need >= size_limit)) return NULL;
1487 gstring_grow(g, 1);
1488 lim = g->size - 1;
1489 }
1490 g->s[g->ptr++] = (uschar) '%';
1491 break;
1492
1493 case 'c':
1494 if ((need = g->ptr + 1) > lim)
1495 {
1496 if (!(flags & SVFMT_EXTEND || need >= size_limit)) return NULL;
1497 gstring_grow(g, 1);
1498 lim = g->size - 1;
1499 }
1500 g->s[g->ptr++] = (uschar) va_arg(ap, int);
1501 break;
1502
1503 case 'D': /* Insert daily datestamp for log file names */
1504 s = CS tod_stamp(tod_log_datestamp_daily);
1505 string_datestamp_offset = g->ptr; /* Passed back via global */
1506 string_datestamp_length = Ustrlen(s); /* Passed back via global */
1507 string_datestamp_type = tod_log_datestamp_daily;
1508 slen = string_datestamp_length;
1509 goto INSERT_STRING;
1510
1511 case 'M': /* Insert monthly datestamp for log file names */
1512 s = CS tod_stamp(tod_log_datestamp_monthly);
1513 string_datestamp_offset = g->ptr; /* Passed back via global */
1514 string_datestamp_length = Ustrlen(s); /* Passed back via global */
1515 string_datestamp_type = tod_log_datestamp_monthly;
1516 slen = string_datestamp_length;
1517 goto INSERT_STRING;
1518
1519 case 's':
1520 case 'S': /* Forces *lower* case */
1521 case 'T': /* Forces *upper* case */
1522 s = va_arg(ap, char *);
1523
1524 if (!s) s = null;
1525 slen = Ustrlen(s);
1526
1527 if (!(flags & SVFMT_TAINT_NOCHK) && !dest_tainted && is_tainted(s))
1528 if (flags & SVFMT_REBUFFER)
1529 {
1530 gstring_rebuffer(g);
1531 gp = CS g->s + g->ptr;
1532 dest_tainted = TRUE;
1533 }
1534 #ifndef MACRO_PREDEF
1535 else
1536 die_tainted(US"string_vformat", func, line);
1537 #endif
1538
1539 INSERT_STRING: /* Come to from %D or %M above */
1540
1541 {
1542 BOOL truncated = FALSE;
1543
1544 /* If the width is specified, check that there is a precision
1545 set; if not, set it to the width to prevent overruns of long
1546 strings. */
1547
1548 if (width >= 0)
1549 {
1550 if (precision < 0) precision = width;
1551 }
1552
1553 /* If a width is not specified and the precision is specified, set
1554 the width to the precision, or the string length if shorted. */
1555
1556 else if (precision >= 0)
1557 width = precision < slen ? precision : slen;
1558
1559 /* If neither are specified, set them both to the string length. */
1560
1561 else
1562 width = precision = slen;
1563
1564 if ((need = g->ptr + width) >= size_limit || !(flags & SVFMT_EXTEND))
1565 {
1566 if (g->ptr == lim) return NULL;
1567 if (need > lim)
1568 {
1569 truncated = TRUE;
1570 width = precision = lim - g->ptr - 1;
1571 if (width < 0) width = 0;
1572 if (precision < 0) precision = 0;
1573 }
1574 }
1575 else if (need > lim)
1576 {
1577 gstring_grow(g, width);
1578 lim = g->size - 1;
1579 gp = CS g->s + g->ptr;
1580 }
1581
1582 g->ptr += sprintf(gp, "%*.*s", width, precision, s);
1583 if (fp[-1] == 'S')
1584 while (*gp) { *gp = tolower(*gp); gp++; }
1585 else if (fp[-1] == 'T')
1586 while (*gp) { *gp = toupper(*gp); gp++; }
1587
1588 if (truncated) return NULL;
1589 break;
1590 }
1591
1592 /* Some things are never used in Exim; also catches junk. */
1593
1594 default:
1595 strncpy(newformat, item_start, fp - item_start);
1596 newformat[fp-item_start] = 0;
1597 log_write(0, LOG_MAIN|LOG_PANIC_DIE, "string_format: unsupported type "
1598 "in \"%s\" in \"%s\"", newformat, format);
1599 break;
1600 }
1601 }
1602
1603 if (g->ptr > g->size)
1604 log_write(0, LOG_MAIN|LOG_PANIC_DIE,
1605 "string_format internal error: caller %s %d", func, line);
1606 return g;
1607 }
1608
1609
1610
1611 #ifndef COMPILE_UTILITY
1612 /*************************************************
1613 * Generate an "open failed" message *
1614 *************************************************/
1615
1616 /* This function creates a message after failure to open a file. It includes a
1617 string supplied as data, adds the strerror() text, and if the failure was
1618 "Permission denied", reads and includes the euid and egid.
1619
1620 Arguments:
1621 eno the value of errno after the failure
1622 format a text format string - deliberately not uschar *
1623 ... arguments for the format string
1624
1625 Returns: a message, in dynamic store
1626 */
1627
1628 uschar *
1629 string_open_failed_trc(int eno, const uschar * func, unsigned line,
1630 const char *format, ...)
1631 {
1632 va_list ap;
1633 gstring * g = string_get(1024);
1634
1635 g = string_catn(g, US"failed to open ", 15);
1636
1637 /* Use the checked formatting routine to ensure that the buffer
1638 does not overflow. It should not, since this is called only for internally
1639 specified messages. If it does, the message just gets truncated, and there
1640 doesn't seem much we can do about that. */
1641
1642 va_start(ap, format);
1643 (void) string_vformat_trc(g, func, line, STRING_SPRINTF_BUFFER_SIZE,
1644 SVFMT_REBUFFER, format, ap);
1645 string_from_gstring(g);
1646 gstring_release_unused(g);
1647 va_end(ap);
1648
1649 return eno == EACCES
1650 ? string_sprintf("%s: %s (euid=%ld egid=%ld)", g->s, strerror(eno),
1651 (long int)geteuid(), (long int)getegid())
1652 : string_sprintf("%s: %s", g->s, strerror(eno));
1653 }
1654 #endif /* COMPILE_UTILITY */
1655
1656
1657
1658
1659
1660 #ifndef COMPILE_UTILITY
1661 /* qsort(3), currently used to sort the environment variables
1662 for -bP environment output, needs a function to compare two pointers to string
1663 pointers. Here it is. */
1664
1665 int
1666 string_compare_by_pointer(const void *a, const void *b)
1667 {
1668 return Ustrcmp(* CUSS a, * CUSS b);
1669 }
1670 #endif /* COMPILE_UTILITY */
1671
1672
1673
1674
1675 /*************************************************
1676 **************************************************
1677 * Stand-alone test program *
1678 **************************************************
1679 *************************************************/
1680
1681 #ifdef STAND_ALONE
1682 int main(void)
1683 {
1684 uschar buffer[256];
1685
1686 printf("Testing is_ip_address\n");
1687
1688 while (fgets(CS buffer, sizeof(buffer), stdin) != NULL)
1689 {
1690 int offset;
1691 buffer[Ustrlen(buffer) - 1] = 0;
1692 printf("%d\n", string_is_ip_address(buffer, NULL));
1693 printf("%d %d %s\n", string_is_ip_address(buffer, &offset), offset, buffer);
1694 }
1695
1696 printf("Testing string_nextinlist\n");
1697
1698 while (fgets(CS buffer, sizeof(buffer), stdin) != NULL)
1699 {
1700 uschar *list = buffer;
1701 uschar *lp1, *lp2;
1702 uschar item[256];
1703 int sep1 = 0;
1704 int sep2 = 0;
1705
1706 if (*list == '<')
1707 {
1708 sep1 = sep2 = list[1];
1709 list += 2;
1710 }
1711
1712 lp1 = lp2 = list;
1713 for (;;)
1714 {
1715 uschar *item1 = string_nextinlist(&lp1, &sep1, item, sizeof(item));
1716 uschar *item2 = string_nextinlist(&lp2, &sep2, NULL, 0);
1717
1718 if (item1 == NULL && item2 == NULL) break;
1719 if (item == NULL || item2 == NULL || Ustrcmp(item1, item2) != 0)
1720 {
1721 printf("***ERROR\nitem1=\"%s\"\nitem2=\"%s\"\n",
1722 (item1 == NULL)? "NULL" : CS item1,
1723 (item2 == NULL)? "NULL" : CS item2);
1724 break;
1725 }
1726 else printf(" \"%s\"\n", CS item1);
1727 }
1728 }
1729
1730 /* This is a horrible lash-up, but it serves its purpose. */
1731
1732 printf("Testing string_format\n");
1733
1734 while (fgets(CS buffer, sizeof(buffer), stdin) != NULL)
1735 {
1736 void *args[3];
1737 long long llargs[3];
1738 double dargs[3];
1739 int dflag = 0;
1740 int llflag = 0;
1741 int n = 0;
1742 int count;
1743 int countset = 0;
1744 uschar format[256];
1745 uschar outbuf[256];
1746 uschar *s;
1747 buffer[Ustrlen(buffer) - 1] = 0;
1748
1749 s = Ustrchr(buffer, ',');
1750 if (s == NULL) s = buffer + Ustrlen(buffer);
1751
1752 Ustrncpy(format, buffer, s - buffer);
1753 format[s-buffer] = 0;
1754
1755 if (*s == ',') s++;
1756
1757 while (*s != 0)
1758 {
1759 uschar *ss = s;
1760 s = Ustrchr(ss, ',');
1761 if (s == NULL) s = ss + Ustrlen(ss);
1762
1763 if (isdigit(*ss))
1764 {
1765 Ustrncpy(outbuf, ss, s-ss);
1766 if (Ustrchr(outbuf, '.') != NULL)
1767 {
1768 dflag = 1;
1769 dargs[n++] = Ustrtod(outbuf, NULL);
1770 }
1771 else if (Ustrstr(outbuf, "ll") != NULL)
1772 {
1773 llflag = 1;
1774 llargs[n++] = strtoull(CS outbuf, NULL, 10);
1775 }
1776 else
1777 {
1778 args[n++] = (void *)Uatoi(outbuf);
1779 }
1780 }
1781
1782 else if (Ustrcmp(ss, "*") == 0)
1783 {
1784 args[n++] = (void *)(&count);
1785 countset = 1;
1786 }
1787
1788 else
1789 {
1790 uschar *sss = malloc(s - ss + 1);
1791 Ustrncpy(sss, ss, s-ss);
1792 args[n++] = sss;
1793 }
1794
1795 if (*s == ',') s++;
1796 }
1797
1798 if (!dflag && !llflag)
1799 printf("%s\n", string_format(outbuf, sizeof(outbuf), CS format,
1800 args[0], args[1], args[2])? "True" : "False");
1801
1802 else if (dflag)
1803 printf("%s\n", string_format(outbuf, sizeof(outbuf), CS format,
1804 dargs[0], dargs[1], dargs[2])? "True" : "False");
1805
1806 else printf("%s\n", string_format(outbuf, sizeof(outbuf), CS format,
1807 llargs[0], llargs[1], llargs[2])? "True" : "False");
1808
1809 printf("%s\n", CS outbuf);
1810 if (countset) printf("count=%d\n", count);
1811 }
1812
1813 return 0;
1814 }
1815 #endif
1816
1817 /* End of string.c */
Unnamed repository; edit this file 'description' to name the repository.